From owner-freebsd-questions  Sat Dec  5 19:12:07 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA12414
          for freebsd-questions-outgoing; Sat, 5 Dec 1998 19:12:07 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from java.dpcsys.com (java.dpcsys.com [206.16.184.7])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA12409
          for <questions@FreeBSD.ORG>; Sat, 5 Dec 1998 19:12:06 -0800 (PST)
          (envelope-from dan@dpcsys.com)
Received: from localhost (dan@localhost)
	by java.dpcsys.com (8.9.1a/8.9.1) with SMTP id TAA16411;
	Sat, 5 Dec 1998 19:12:39 -0800 (PST)
Date: Sat, 5 Dec 1998 19:12:39 -0800 (PST)
From: Dan Busarow <dan@dpcsys.com>
To: Geoffrey Robinson <geoffr@globalserve.net>
cc: questions@FreeBSD.ORG
Subject: Re: Crypt and Salt
In-Reply-To: <3669E3CD.A2FCC31@globalserve.net>
Message-ID: <Pine.BSF.3.96.981205191134.10119A-100000@java.dpcsys.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 5 Dec 1998, Geoffrey Robinson wrote:
> I'm working on a project that requires passwords and decided the UNIX style
> of encrypting them was the best way to go. No problems getting crypt() to
> work but I'm confused about the use of salt. I can see that using different
> strings for salt causes crypt() to return different encrypted strings for
> the same key. This isn't a problem if I hard code the salt string into my
> programs so that it encrypts the same way each time but I can see from
> other programs like htpasswd.c and adduser that the salt string is
> generated randomly. If keys are encrypted using random salt strings how do
> authentication programs determine the original salt string used to encrypt
> a password in the password file before encrypting a password entered during
> login for comparison? What is the purpose of salt other than just making
> crypt() more random?

The first two characters of the encrypted string are the salt.

Dan
-- 
 Dan Busarow                                                  949 443 4172
 Dana Point Communications, Inc.                            dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message